mirror of
https://github.com/cliffe/BreakEscape.git
synced 2026-02-21 11:18:08 +00:00
c50fab400e
Created comprehensive initialization document with SPECIFIC ENTROPY threat details: TARGET: - Quantum Dynamics Corporation (quantum computing research) - 450 employees, DoD/DARPA contracts - Post-quantum cryptography for military applications SPECIFIC STOLEN DATA (Project Heisenberg): - Quantum Key Distribution military specs (847 pages, classified) - 14 zero-day vulnerabilities in competitor products - DoD deployment database (247 facilities, schedules, network topology) - Cryptographic key material and test data - Total: 4.2 TB across 18,000 files (73% exfiltrated) CONCRETE CONSEQUENCES IF ENTROPY SUCCEEDS: - $4.2 billion DoD quantum crypto program wasted - 12-40 intelligence officers at risk (retroactive decryption) - 247 military facilities vulnerable during installations - 5-year quantum supremacy advantage to China/Russia - US quantum computing industry reputation destroyed THE INSIDER - David Torres: - Senior Cryptography Engineer, PhD from Stanford - $180K medical debt (wife Elena has Stage 3 cancer) - Recruited 8 months ago by Insider Threat Initiative - Paid $45K so far, promised $200K total - Exfiltration method: Steganography in training videos → YouTube - Believes he's helping 'journalists expose military-industrial complex' - Morally conflicted, can be turned if shown ENTROPY's true plan ENTROPY 4-PHASE PLAN: 1. Exfiltration (current) - 73% complete via Torres 2. Analysis (2 weeks) - Digital Vanguard weaponizes research 3. Distribution (4 weeks) - Zero Day Syndicate sells to China/Russia/Iran 4. Deployment (12 weeks) - Decrypt DoD comms, attack facilities CROSS-CELL COORDINATION (First Business Model Mission): - Insider Threat Initiative: Recruitment ($15K per placement) - Digital Vanguard: Technical analysis & infrastructure - Zero Day Syndicate: Exploit weaponization & sales - Crypto Anarchists: Payment processing - Expected revenue: $45-70 million USD split across cells INVESTIGATION STRUCTURE: - 8-10 employee NPCs to interview - Evidence correlation puzzle (logs, access records, financials) - Non-combat resolution (dialogue-driven confrontation) - Bludit CMS exploitation (CVE-2019-16113) for digital evidence MORAL COMPLEXITY: - Turn Torres into double agent (saves wife, provides intel for M6-M10) - Arrest Torres (justice, but wife likely dies, limited intel) - Sympathize and release (saves family, endangers national security) - Expose everything publicly (disrupts ENTROPY but destroys company) CAMPAIGN IMPACT: - If turned: Torres provides intelligence through M10 finale - Reveals ENTROPY operates as criminal corporation with service contracts - Sets up M6 financial tracking, M8 insider threat patterns - Human cost in M7 if data sold to foreign governments Educational focus: Human Factors (insider threats), Web Security (CMS exploitation), Security Operations (forensic investigation), Systems Security (privilege escalation) Document: 600+ lines detailing specific operational plans, consequences, and NPCs. Mission ready for Stage 1 narrative structure development.
BreakEscape Rails Engine
Cybersecurity training escape room game as a mountable Rails Engine.
Features
- 24+ cybersecurity escape room scenarios
- Server-side progress tracking with 2-table schema
- Randomized passwords per game instance via ERB
- JIT Ink script compilation for NPC dialogue
- Polymorphic player support (User/DemoUser)
- Pundit authorization
- RESTful API for game state management
- Session-based state persistence
Installation
In your Gemfile:
gem 'break_escape', path: 'path/to/break_escape'
Then:
bundle install
rails break_escape:install:migrations
rails db:migrate
rails db:seed # Optional: creates missions from scenarios
Mounting in Host App
In your config/routes.rb:
mount BreakEscape::Engine => "/break_escape"
Usage
Standalone Mode (Development)
export BREAK_ESCAPE_STANDALONE=true
rails server
# Visit http://localhost:3000/break_escape/
Mounted Mode (Production)
Mount in Hacktivity or another Rails app. The engine will use the host app's current_user via Devise.
Configuration
# config/initializers/break_escape.rb
BreakEscape.configure do |config|
config.standalone_mode = false # true for development
config.demo_user_handle = 'demo_player'
end
Database Schema
break_escape_missions- Scenario metadata (name, display_name, published, difficulty)break_escape_games- Player state + scenario snapshot (JSONB)break_escape_demo_users- Standalone mode only (optional)
API Endpoints
GET /games/:id/scenario- Scenario JSON (ERB-generated)GET /games/:id/ink?npc=X- NPC script (JIT compiled from .ink)GET /games/:id/bootstrap- Initial game dataPUT /games/:id/sync_state- Sync player statePOST /games/:id/unlock- Validate unlock attemptPOST /games/:id/inventory- Update inventory
Architecture
ERB Scenario Generation
Scenarios are stored as .json.erb templates and rendered on-demand with randomized values:
<%= random_password %>- Generates unique password per game<%= random_pin %>- Generates unique 4-digit PIN<%= random_code %>- Generates unique hex code
JIT Ink Compilation
NPC dialogue scripts compile on first request (~300ms):
- Check if
.jsonexists and is newer than.ink - If needed, run
inklecateto compile - Cache compiled JSON for subsequent requests
State Management
Player state stored in JSONB column:
- Current room and unlocked rooms
- Inventory and collected items
- NPC encounters
- Global variables (synced with client)
- Health and minigame state
Testing
rails test
License
AGPL v3 - See LICENSE file for details
Documentation
See HACKTIVITY_INTEGRATION.md for integration guide.